mirrors/fuwuqi
1
0
Fork 1
mirror of https://git.exozy.me/a/fuwuqi.git synced 2024-11-22 08:51:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Clean up HTTP signature verification code

Browse source
This commit is contained in:
Anthony Wang 2023-01-19 22:09:55 +00:00
parent 7cbb9f7e49
commit f7403f75da
No known key found for this signature in database
GPG key ID: 1DDC6BC38786C595
1 changed files with 7 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
server.py
View file

@ -64,10 +64,9 @@ class fuwuqi(SimpleHTTPRequestHandler):
username = search('^/users/(.*)\.(in|out)box$', self.path).group(1)
# Get actor public key
keyid = search('keyId="(.*?)"', self.headers['Signature']).group(1)
actor = iri_to_actor(keyid)
pubkeypem = actor['publicKey']['publicKeyPem'].encode('utf8')
# Get signer public key
signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))
pubkeypem = signer['publicKey']['publicKeyPem'].encode('utf8')
pubkey = serialization.load_pem_public_key(pubkeypem, None)
# Assemble headers
@ -85,10 +84,9 @@ class fuwuqi(SimpleHTTPRequestHandler):
pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())
# Make sure activity doer matches HTTP signature
actor = keyid.removesuffix('#main-key')
if ('actor' in activity and activity['actor'] != actor) or \
('attributedTo' in activity and activity['attributedTo'] != actor) or \
('attributedTo' in activity['object'] and activity['object']['attributedTo'] != actor):
if ('actor' in activity and activity['actor'] != signer['id']) or \
('attributedTo' in activity and activity['attributedTo'] != signer['id']) or \
('attributedTo' in activity['object'] and activity['object']['attributedTo'] != signer['id']):
self.send_response(401)
return